kind: VsphereClusterConfiguration
apiVersions:
- apiVersion: deckhouse.io/v1
  openAPISpec:
    type: object
    additionalProperties: false
    description: |
      Describes the configuration of a cloud cluster in vSphere.

      Used by the cloud provider if a cluster's control plane is hosted in the cloud.

      Run the following command to change the configuration in a running cluster:

      ```shell
      kubectl -n d8-system exec -ti deploy/deckhouse -- deckhouse-controller edit provider-cluster-configuration
      ```
    x-doc-search: |
      ProviderClusterConfiguration
    x-unsafe-rules: [deleteZones]
    x-examples:
      - apiVersion: deckhouse.io/v1
        kind: VsphereClusterConfiguration
        sshPublicKey: "<SSH_PUBLIC_KEY>"
        layout: Standard
        vmFolderPath: 'folder/prefix'
        regionTagCategory: k8s-region
        zoneTagCategory: k8s-zone
        region: region2
        zones:
          - region2-a
        externalNetworkNames:
          - net3-k8s
        internalNetworkNames:
          - K8S_3
        internalNetworkCIDR: 172.16.2.0/24
        baseResourcePool: kubernetes/cloud
        masterNodeGroup:
          replicas: 1
          instanceClass:
            numCPUs: 4
            memory: 8192
            template: Templates/ubuntu-focal-20.04
            mainNetwork: net3-k8s
            additionalNetworks:
              - K8S_3
            datastore: lun10
            rootDiskSize: 20
            runtimeOptions:
              nestedHardwareVirtualization: false
        nodeGroups:
          - name: worker
            replicas: 1
            zones:
              - ru-central1-a
            instanceClass:
              numCPUs: 4
              memory: 8192
              template: Templates/ubuntu-focal-20.04
              datastore: lun10
              mainNetwork: net3-k8s
        provider:
          server: '<SERVER>'
          username: '<USERNAME>'
          password: '<PASSWORD>'
          insecure: true
    required: [apiVersion, kind, masterNodeGroup, regionTagCategory, zoneTagCategory, sshPublicKey, vmFolderPath, region, zones, layout, provider]
    properties:
      apiVersion:
        type: string
        enum: [deckhouse.io/v1, deckhouse.io/v1alpha1]
      kind:
        type: string
        enum: [VsphereClusterConfiguration]
      masterNodeGroup:
        type: object
        additionalProperties: false
        required: [replicas, instanceClass]
        description: |
          The definition of the master's NodeGroup.

          > Caution! After changing the parameters of the section, you need to run `dhctl converge` for the changes to take effect.
        properties:
          replicas:
            type: integer
            minimum: 1
            description: |
              The number of master nodes to create. It is important to have an odd number of masters to ensure a quorum.
            x-unsafe-rules: [updateReplicas]
          zones:
            type: array
            items:
              type: string
            minItems: 1
            uniqueItems: true
            description: A limited set of zones in which nodes can be created.
          instanceClass:
            type: object
            additionalProperties: false
            required: [numCPUs, memory, template, mainNetwork, datastore]
            description: |
              Partial contents of the fields of the [VsphereInstanceClass](https://deckhouse.io/documentation/v1/modules/030-cloud-provider-vsphere/cr.html#vsphereinstanceclass).
            properties: &instanceClassProperties
              numCPUs:
                type: integer
                description: |
                  Count of vCPUs to allocate to vSphere VirtualMachines.
                example: 2
              memory:
                type: integer
                description: |
                  Memory in MiB to allocate to vSphere VirtualMachines.
                example: 8192
              template:
                type: string
                description: |
                  Path to the template to be cloned. Relative to the datacenter.
                example: dev/golden_image
              mainNetwork:
                type: string
                description: |
                  Path to the network that VirtualMachines' primary NICs will connect to (default gateway). Relative to the datacenter.
                example: k8s-msk-178
              datastore:
                type: string
                description: |
                  Path to a Datastore in which VirtualMachines will be cloned. Relative to the datacenter.
                example: lun-1201
              additionalNetworks:
                type: array
                items:
                  type: string
                description: |
                  Paths to networks that VirtualMachines' secondary NICs will connect to. Relative to the datacenter.
                example:
                  - DEVOPS_32
                  - DEVOPS_50
              rootDiskSize:
                type: integer
                description: |
                  Root disk size in GiB to use in vSphere VirtualMachines.

                  The disk will be automatically enlarged if its size in the template is less than specified.
                example: 20
              resourcePool:
                type: string
                description: |
                  Path to a Resource Pool in which VirtualMachines will be cloned. Relative to the zone (vSphere Cluster).
                example: rp-2012
              mainNetworkIPAddresses:
                type: array
                description: |
                  A list of static IP addresses (with a CIDR prefix) sequentially allocated to nodes in the `mainNetwork`.

                  By default, the DHCP client is enabled.
                x-examples:
                  - [{"address": "10.1.14.20/24", "gateway": "10.1.14.254", "nameservers": { "addresses": ['8.8.8.8','8.8.4.4']}}]
                items:
                  type: object
                  required: [address, gateway, nameservers]
                  properties:
                    address:
                      type: string
                      description: An IP address with a CIDR prefix.
                      pattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$'
                    gateway:
                      type: string
                      description: |
                        The IP address of the default gateway.

                        It must be located in the subnet specified in the `address` parameter
                      pattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$'
                    nameservers:
                      type: object
                      properties:
                        addresses:
                          type: array
                          description: A list of DNS servers.
                          x-examples:
                            - - 8.8.8.8
                              - 8.8.4.4
                          items:
                            type: string
                            pattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$'
                        search:
                          type: array
                          description: |
                            A list of DNS search domains.
                          x-examples:
                            - - tech.lan
                          items:
                            type: string
              runtimeOptions:
                type: object
                description: |
                  Additional VM's parameters.
                properties:
                  nestedHardwareVirtualization:
                    type: boolean
                    description: |
                      Whether to enable or disable nested [hardware virtualization](https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.vm_admin.doc/GUID-2A98801C-68E8-47AF-99ED-00C63E4857F6.html).
                  cpuShares:
                    type: integer
                    description: |
                      The relative amount of CPU Shares for VMs to be created.
                  cpuLimit:
                    type: integer
                    description: |
                      CPU limit in MHz.
                  cpuReservation:
                    type: integer
                    description: |
                      CPU reservation in MHz.
                  memoryShares:
                    type: integer
                    minimum: 0
                    maximum: 100
                    description: |
                      The relative amount of Memory Shares for VMs to be created.
                  memoryLimit:
                    type: integer
                    description: |
                      Memory limit in MB.
                  memoryReservation:
                    type: integer
                    minimum: 0
                    maximum: 100
                    description: |
                      VM memory reservation in percent (relative to `.spec.memory`).
      nodeGroups:
        type: array
        description: |
          An array of additional NodeGroups for creating static nodes (e.g., for dedicated front nodes or gateways).
        items:
          type: object
          required: [name, replicas, instanceClass]
          properties:
            name:
              type: string
              description: |
                The name of the NodeGroup to use for generating node names.
            replicas:
              type: integer
              description: |
                The number of nodes to create.
            nodeTemplate:
              description: |
                Parameters of Node objects in Kubernetes to add after registering the node.
              properties:
                labels:
                  type: object
                  description: |
                    A list of labels to attach to cluster resources.

                    The same as the `metadata.labels` standard [field](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#objectmeta-v1-meta).
                  x-examples:
                  - environment: production
                    app: warp-drive-ai
                  additionalProperties:
                    type: string
                annotations:
                  type: object
                  description: |
                    The same as the `metadata.annotations` standard [field](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#objectmeta-v1-meta).
                  x-examples:
                  - ai.fleet.com/discombobulate: "true"
                  additionalProperties:
                    type: string
                taints:
                  type: array
                  description: |
                    The same as the `.spec.taints` field of the [Node](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#taint-v1-core) object.

                    > **Caution!** Only the `effect`, `key`, `values`  fields are available.
                  x-examples:
                  - - effect: NoExecute
                      key: ship-class
                      value: frigate
                  items:
                    type: object
                    properties:
                      effect:
                        type: string
                        enum: [NoSchedule, PreferNoSchedule, NoExecute]
                      key:
                        type: string
                      value:
                        type: string
            zones:
              type: array
              description: A limited set of zones in which nodes can be created.
              items:
                type: string
              minItems: 1
              uniqueItems: true
            instanceClass:
              type: object
              additionalProperties: false
              required: [numCPUs, memory, template, mainNetwork, datastore]
              description: |
                Partial contents of the fields of the [VsphereInstanceClass](https://deckhouse.io/documentation/v1/modules/030-cloud-provider-vsphere/cr.html#vsphereinstanceclass).
              properties:
                <<: *instanceClassProperties
      sshPublicKey:
        type: string
        description: |
          A public key for accessing nodes.
      regionTagCategory:
        type: string
        description: |
          The name of the tag category used to identify the region (vSphere Datacenter).
        default: "k8s-region"
        x-unsafe: true
      zoneTagCategory:
        type: string
        description: |
          The name of the tag category used to identify the zone (vSphere Cluster).
        default: "k8s-zone"
        x-unsafe: true
      disableTimesync:
        x-doc-default: true
        type: boolean
        description: |
          Disable time synchronization on the vSphere side.

          > **Caution!** This parameter will not disable the NTP daemons in the guest OS, but only disable the time correction on the part of ESXi.
      externalNetworkNames:
        type: array
        items:
          type: string
        description: |
          Names of networks (just the name and not the full path) connected to `VirtualMachines` and used by `vsphere-cloud-controller-manager` to insert ExternalIP into the `.status.addresses` field in the Node API object.
        x-examples:
        - - MAIN-1
          - public
        x-unsafe: true
      internalNetworkNames:
        type: array
        items:
          type: string
        description: |
          Names of networks (just the name and not the full path) connected to `VirtualMachines` and used by `vsphere-cloud-controller-manager` to insert InternalIP into the `.status.addresses` field in the Node API object.
        x-examples:
        - - KUBE-3
          - devops-internal
        x-unsafe: true
      internalNetworkCIDR:
        type: string
        description: |
          Subnet for master nodes in the internal network.

          Addresses are allocated starting with the tenth address. E.g., if you have the `192.168.199.0/24` subnet, addresses will be allocated starting with `192.168.199.10`.

          The `internalNetworkCIDR` is used if `additionalNetworks` are defined in `masterInstanceClass`.
        pattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$'
        x-unsafe: true
      vmFolderPath:
        type: string
        description: |
          The path to the VirtualMachine Folder where the cloned VMs will be created.
        x-examples:
          - "dev/test"
        x-unsafe: true
      vmFolderExists:
        type: boolean
        default: false
        description: |
          Set the value to `true` if the path specified in `vmFolderPath` exists. Installing more than one cluster in a folder is not possible.
        x-examples:
          - "dev/test"
        x-unsafe: true
      region:
        type: string
        description: |
          Is a tag added to the vSphere Datacenter where all actions will occur: provisioning VirtualMachines, storing virtual disks on datastores, connecting to the network.
        x-unsafe: true
      zones:
        type: array
        description: |
          The globally restricted set of zones that this Cloud Provider works with.
        items:
          type: string
        minItems: 1
        uniqueItems: true
      baseResourcePool:
        type: string
        description: |
          A path (relative to vSphere Cluster) to the existing parent `resourcePool` for all `resourcePool` created in each zone.
        x-unsafe: true
      useNestedResourcePool:
        type: boolean
        description: |
          Create nested resource pool (`true`) or use main resource pool (`false`).
        x-doc-default: true
      layout:
        type: string
        description: |
          The way resources are located in the cloud.

          Read [more](https://deckhouse.io/documentation/v1/modules/030-cloud-provider-vsphere/layouts.html) about possible provider layouts.
        x-unsafe: true
      provider:
        type: object
        additionalProperties: false
        description: Parameters for connecting to the vCenter.
        properties:
          server:
            type: string
            description: The host or the IP address of the vCenter server.
          username:
            type: string
            description: The login ID.
          password:
            type: string
            description: The user's password.
          insecure:
            type: boolean
            description:  Set to `true` if vCenter has a self-signed certificate.
            x-doc-default: false
        required:
        - server
        - username
        - password
      nsxt:
        type: object
        description: |
          Kubernetes load balancer support using NSX-T for the vSphere cloud controller manager.
        required: [defaultIpPoolName, tier1GatewayPath, user, password, host]
        properties:
          defaultIpPoolName:
            type: string
            description: |
              Name of the default IP pool used for the SVC's without `loadbalancer.vmware.io/class` annotation set.
            x-examples:
              - pool1
          defaultTcpAppProfileName:
            type: string
            description: |
              Name of default NSX-T application profile used for TCP connections.
            default: "default-tcp-lb-app-profile"
            x-examples:
              - default-tcp-lb-app-profile
              - tcp-profile1
          defaultUdpAppProfileName:
            type: string
            description: |
              Name of default NSX-T application profile used for UDP connections.
            default: "default-udp-lb-app-profile"
            x-examples:
              - default-udp-lb-app-profile
              - udp-profile1
          size:
            type: string
            description: |
              Size of load balancer service.
            enum: ["SMALL", "MEDIUM", "LARGE", "XLARGE"]
            default: "MEDIUM"
            x-examples:
              - SMALL
          tier1GatewayPath:
            type: string
            description: |
              Policy path for the NSX-T tier1 gateway.
            x-examples:
              - /path/tier1
          user:
            type: string
            description: |
              NSX-T user name.
            x-examples:
              - user
          password:
            type: string
            description: |
              NSX-T password.
            x-examples:
              - password
          host:
            type: string
            description: |
              NSX-T host.
            x-examples:
              - 1.2.3.4
          insecureFlag:
            type: boolean
            description: |
              To be set to true if NSX-T uses self-signed certificate.
            x-examples:
              - true
              - false
          loadBalancerClass:
            type: array
            description: |
              Additional section to define Load Balancer Classes (set annotation `loadbalancer.vmware.io/class: <CLASS NAME>` to SVC to use the class).
            items:
              required: [name, ipPoolName]
              properties:
                name:
                  type: string
                  description: |
                    Load Balancer Class name to use in SVC annotation `loadbalancer.vmware.io/class: <CLASS NAME>`.
                ipPoolName:
                  type: string
                  description: |
                    Name of the IP pool.
                tcpAppProfileName:
                  type: string
                  description: |
                    Name of application profile used for TCP connections.
                  x-doc-default: "defaultTcpAppProfileName"
                udpAppProfileName:
                  type: string
                  description: |
                    Name of application profile used for UDP connections.
                  x-doc-default: "defaultUdpAppProfileName"
            x-examples:
            - []
            - {"name": "LBC1", "ipPoolName": "pool2"}
            - {"name": "LBC1", "ipPoolName": "pool2", "tcpAppProfileName": "profile2" , "udpAppProfileName": "profile3"}
    oneOf:
    - required: [layout]
      properties:
        layout:
          enum:
          - Standard
          type: string
